
New Scam Tricks Users Into Installing Password Stealing Software. Here's How to Avoid It
ACR Stealer uses fake error messages to trick people into running commands that steal passwords and sensitive files from their computers.
Source
Microsoft Security Blog
Original headline: ACR Stealer: Two observed intrusion chains amid increased threat activity
Plain-English summary by GetCyberRight. Read the full report at the source above.
Microsoft detected increased activity from a type of malicious software called ACR Stealer between late April 2026 and mid-June
- This threat uses a technique called ClickFix, which displays fake error messages on websites. When users try to fix the fake problem by following on-screen instructions, they unknowingly install software that steals their passwords, login tokens, and sensitive documents. This threat primarily targets business and enterprise users who work on company computers. If the attack succeeds, it can steal browser passwords, authentication tokens that keep you logged into websites, and sensitive documents from your computer. The campaigns Microsoft observed were hitting company environments, but the same techniques could potentially affect home users who encounter these fake error messages on compromised or malicious websites. Here's what you should do to protect yourself right now:
- Never copy and paste commands from websites into your computer's command prompt or terminal, even if a popup says you need to fix an error.
- If you see an unexpected error message on a website asking you to run commands or download a fix, close the browser window immediately.
- Keep your web browser and operating system up to date with the latest security patches.
- Use antivirus software and keep it updated. Windows Defender, which comes free with Windows, provides good protection if kept current.
- If you think you may have fallen for one of these tricks, change your passwords immediately, starting with email, banking, and other important accounts. To stay protected long-term, be skeptical of any website that asks you to take unusual technical steps to view content or fix errors. Legitimate websites don't ask users to run commands or download special fixes. When in doubt, close the page and navigate to the site directly by typing the address yourself. Teach children and other family members to come get you if they see strange error messages instead of following instructions on screen.
Curated from trusted cybersecurity sources by GetCyberRight
Source: Microsoft Security BlogStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

New Scam Tricks You Into Giving Away Passwords With Fake Fix-It Messages
Criminals are using fake error messages that ask you to click buttons to fix problems. The clicks actually steal your passwords and files.
2 min read
AI Chatbots Are Getting More Powerful: What Parents Should Know About Safety
AI assistants are becoming more autonomous and gaining access to more of your data. Microsoft is working on better security controls for these tools.
2 min read
AI Tools Are Getting Smarter: What Parents Should Know About Security
As AI assistants become more capable, tech companies are working to ensure they can't access too much of your information. Here's what's changing.
2 min readWhy Your Privacy Needs More Than Just Your Permission: Understanding New Protection Ideas
Privacy expert argues that letting people control their own data is not enough. Companies should be held responsible like we do with food and drug safety.
2 min read